- WHAT HAPPENS WHEN YOUR ROUTER IS HACKED?
- IoT Reverse Engineering
- Embedded Systems Security and TrustZone
- CH32V003 PROGRAMMING: HOW TO USE UART
- IoT Device Security: Introduction and Practice – Understanding IoT Devices (Part 1)
- IoT Device Security: Introduction and Practice – Understanding IoT Devices (Part 2)
- IoT Device Security: Introduction and Practice – Playing with IoT Firmware (Part 1)
- IoT Device Security: Introduction and Practice – Playing with IoT Firmware (Part 2)
- IoT Device Security: Introduction and Practice – Playing with IoT Firmware (Part 3, DIY Edition)
- Introductory Tutorial on Camera Vulnerability Hunting (Firmware Edition)
- Cisco IOS XE CVE-2023-20198 and CVE-2023-20273: WebUI Internals, Patch Diffs, and Theory Crafting
- Cisco IOS XE CVE-2023-20198: Deep Dive and POC
- Analysis of Unauthenticated Command Execution Vulnerability in Cisco IOS XE System WebUI
- Cisco RV130 – It’s 2019, but yet: strcpy
- Exploiting CVE-2019-1663
- Breaking Cisco RV110W, RV130, RV130W, and RV215W. Again.
- Ghetto Patch Diffing a Cisco RV110W Firmware Update
- Patch Diffing a Cisco RV110W Firmware Update (Part II)
- Cisco RV340 SSL VPN Unauthenticated Remote Code Execution as root
- Reversing Citrix Gateway for XSS
- Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway
- Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway (Part 2)
- CVE-2023-3519
- CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
- CVE-2023-22374: F5 BIG-IP Format String Vulnerability
- Refresh: Compromising F5 BIG-IP With Request Smuggling | CVE-2023-46747
- Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN
- Producing a POC for CVE-2022-42475 (Fortinet RCE)
- CVE-2022-42475
- Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was
- XORtigate: Pre-authentication Remote Code Execution on Fortigate VPN (CVE-2023-27997)
- HEXACON2023 - XORtigate: zero-effort, zero-expense, 0-day on Fortinet SSL VPN by Charles Fol
- CVE-2023-27997-FortiGate-SSLVPN-HeapOverflow
- Breaking Fortinet Firmware Encryption
- Building an Exploit for FortiGate Vulnerability CVE-2023-27997
- Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
- CVE-2023-36844 And Friends: RCE In Juniper Devices
- Fileless Remote Code Execution on Juniper Firewalls
- A Method for Unpacking the SonicWall NSv Virtual Machine
- Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall
- It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable
- CVE-2021-33514: Command Injection Vulnerability in Multiple Netgear Switches
- Feral Terror vulnerability (some NETGEAR smart switches UPDATED 3
- Seventh Inferno vulnerability (some NETGEAR smart switches)
- Draconian Fear vulnerability (some NETGEAR smart switches)
- COOL VULNS DON'T LIVE LONG - NETGEAR AND PWN2OWN
- PwnAgent: A One-Click WAN-side RCE in Netgear RAX Routers with CVE-2023-24749
- Puckungfu: A NETGEAR WAN Command Injection
- CVE-2022-27643 - NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability
- nday exploit: netgear orbi unauthenticated command injection (cve-2020-27861)
- NETGEAR NIGHTHAWK R7000P UPNPD BUFFER OVERFLOW REMOTE CODE EXECUTION VULNERABILITY
- Reverse Engineering a Netgear Nday
- Analyzing an Old Netatalk dsi_writeinit Buffer Overflow Vulnerability in NETGEAR Router
- NETGEAR NIGHTHAWK R7000P AWS_JSON UNAUTHENTICATED DOUBLE STACK OVERFLOW VULNERABILITY
- Our Pwn2Own journey against time and randomness (part 1)
- Our Pwn2Own journey against time and randomness (part 2)
- Pwn2Own Toronto 22: Exploit Netgear Nighthawk RAX30 Routers
- NetGear Nighthawk RAX40V2 Device and Firmware Analysis
- Zyxel firmware extraction and password analysis
- Multiple vulnerabilities in Zyxel zysh
- Zyxel authentication bypass patch analysis (CVE-2022-0342)
- Useless path traversals in Zyxel admin interface (CVE-2022-2030)
- Vulnerabilities in Tenda's W15Ev2 AC1200 Router
- Tenda AX12 Router Device Analysis (Part 1)
- Tenda AX12 Router Device Analysis (Part 2): The UPnP Protocol
- Tenda AX12 Router Device Analysis (Part 3): A Brief Look at OpenWrt
- DrayTek Vulnerability Analysis
- Analysis Report on In-the-Wild 0-day Vulnerabilities in DrayTek Vigor Enterprise Routers and Switches
- DrayTek Vigor 2960: From Unauthenticated to RCE
- CVE-2020-8515 Vulnerability Analysis and Exploitation
- Vigor2960 Vulnerability Reproduction (CVE-2020-14472)
- When an N-Day turns into a 0day. (Part 1 of 2)
- Remote code execution as root from the local network on TP-Link SR20 routers
- TP-Link AC1750 (Pwn2Own 2019)
- EXPLOITING THE TP-LINK ARCHER A7 AT PWN2OWN TOKYO
- PWN2OWN TOKYO 2020: DEFEATING THE TP-LINK AC1750
- Exploiting n-day in Home Security Camera
- TP-Link IP43AN
- THE ANATOMY OF A BUG DOOR: DISSECTING TWO D-LINK ROUTER AUTHENTICATION BYPASSES
- Debugging D-Link: Emulating firmware and hacking hardware
- D-Link DIR-816 A2 Router Security Research Write-up
- Reverse Engineering a D-Link Backdoor
- D-Link DAP-X1860: Remote Command Injection
- SSD ADVISORY – D-LINK DIR-X4860 SECURITY VULNERABILITIES
- Logic Bugs in Practice: Taking Over a Router with Three Vulnerabilities
- [Chaitin HITCON Talk Video] How to Break a Flagship IoT Device from Scratch
- Exploit (Almost) All Xiaomi Routers Using Logical Bugs
- Remote Command Execution Vulnerabilities in Xiaomi R3A and R4 Series Routers (CVE-2019-18370, CVE-2019-18371)
- A Small Note on Our Unintended Solution to the Xiaomi Router Challenge at Qiangwang Cup (QWB)
- Qiangwang Cup (QWB) 2021 On-site Finals: RW Mi Router
- Xiaomi AI Speaker Authenticated RCE I: Firmware Analysis
- Xiaomi AI Speaker Authenticated RCE II: How Does MICO OTA Update Work?
- Xiaomi AI Speaker Authenticated RCE III: CVE-2020-14096
- DEFCON 26-Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices
- I hacked MiBand 3, and here is how I did it. Part I
- I hacked MiBand 3, and here is how I did it Part II — Reverse Engineering to upload Firmware and Resources Over the Air
- Hack Routers, Get Toys: Exploiting the Mi Router 3
- Show Mi The Vulns: Exploiting Command Injection in Mi Router 3
- Xiaomi Wi-Fi Repeater Analysis — IoT Exploitation/Research
- Custom Firmware for the Xiaomi AX3600 Wireless Router
- Use of Message Bus Mechanisms in IoT Devices and Their Security Issues
- Rooting Xiaomi WiFi Routers
- IoT Reverse Engineering
- A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: WD PR4100 Edition
- A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: Synology DS920+ Edition
- Synology NAS DSM Account Takeover: When Random is not Secure
- HiSilicon DVR hack
- Exploiting: Buffer overflow in Xiongmai DVRs
- Hacking the Furbo Dog Camera: Part I
- Hacking the Furbo Dog Camera: Part II
- Hacking the Furbo Dog Camera: Part III Fun with Firmware
- Hacking a Tapo TC60 Camera
- Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker
- Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
- [胖猴小玩闹] Smart Locks and Gateways, Side Story 2: Analysis of the Bootloader and FreeRTOS in the Yunding Loock Smart Lock
- Breaking Secure Boot on the Silicon Labs Gecko platform
- Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
- Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
- DryOS PIXMA Printer Shell
- A Sheep in Wolf’s Clothing – Finding RCE in HP’s Printer Fleet
- FAXPLOIT: SENDING FAX BACK TO THE DARK AGES
- TREASURE CHEST PARTY QUEST: FROM DOOM TO EXPLOIT
- Pwn2Own 2021 Canon ImageCLASS MF644Cdw writeup
- Your printer is not your printer ! - Hacking Printers at Pwn2Own Part I
- Your printer is not your printer ! - Hacking Printers at Pwn2Own Part II
- [HITCON 2022] Your printer is not your printer ! - Hacking Printers at Pwn2Own
- How I Hacked my Car
- How I Hacked my Car Part 2: Making a Backdoor
- How I Hacked my Car Part 3: Making Software
- NFC RELAY ATTACK ON TESLA MODEL Y
- A Brief Discussion of IVI Head Unit Vulnerability Hunting
- New-Generation Car Head Units: How to Attack and Defend?
- Rooting Bosch lcn2kai Headunit
- Introduction to APK Reverse Engineering: An In-Car Music App as an Example
- From MQTT Fundamentals to CVE
- Burglars’ IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds
- The Fragility of Industrial IoT’s Data Backbone
- Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Later
- Your not so "Home Office" - SOHO Hacking at Pwn2Own
- Exception(al) Failure - Breaking the STM32F1 Read-Out Protection
- Pwn the ESP32 crypto-core
- HARDWARE HACKING 101: IDENTIFYING AND DUMPING EMMC FLASH
- Extract Firmware from OT Devices for Vulnerability Research
- Methods for Extracting Firmware from OT Devices for Vulnerability Research
- Hacking Some More Secure USB Flash Drives (Part I)
- Hacking Some More Secure USB Flash Drives (Part II)
- Hardware Hacking to Bypass BIOS Passwords
- Bypassing Secure Boot using Fault Injection
- KERNELFAULT: R00ting the Unexploitable using Hardware Fault Injection
- KERNELFAULT: Pwning Linux using Hardware Fault Injection
- HARDENING SECURE BOOT ON EMBEDDED DEVICES FOR HOSTILE ENVIRONMENTS
- MindShare: Dealing With Encrypted Router Firmware
- Zyxel firmware extraction and password analysis
- Reverse Engineering Yaesu FT-70D Firmware Encryption
- Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
- Intro to Embedded RE: UART Discovery and Firmware Extraction via UBoot
- Breaking Fortinet Firmware Encryption
- Dumping Flash Content
- Smart Device Vulnerability Hunting: Firmware Extraction
- A filesystem cartography and correlation software focusing on visualization.
- A firmware base address search tool.
- A simple shell script and two bash-sourceable scripts used to build a static gdb-7.12 gdbserver using cross-compiler setups.
- Public repository of statically compiled GDB and GDBServer.
- Various binaries for the MIPS architecture.